Senior Web App Pen Tester (San Diego or Irvine)

Overview

Penetrate test and secure web apps, automate security in CI/CD, advise dev teams

Key Responsibilities

• penetration testing
• security automation
• ci/cd scanning
• vulnerability remediation
• tool integration
• secure sdlc

Tasks

-Utilize sustainable methods to automate finding feedback to generate developer work items and trigger re-scan when associated work items are closed -Hack the Box Penetration Testing Specialist (CPTS) / AD Pentesting Expert (CAPE) -Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC -Conduct penetration tests on web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques -Hack the Box Bug Bounty Hunter (CBBH) / Web Exploitation Expert (CWEE) -Automate security testing at various stages within the CI/CD pipeline -Recommend code changes to eliminate vulnerabilities -Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) to secure web applications during development and production run-time

Requirements

• python
• burp suite
• oscp
• ci/cd
• sast
• pen testing

What You Bring

-A self-starter who can advance the application security program and follow-through ideas to completion -Experience with web application penetration testing, identifying and exploiting attack chains to evaluate the severity of vulnerabilities within a web application -Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration -INE Security Web Application Penetration Tester eXtreme (eWPTX) -A track record of commitment to prior employers -Experience with mobile application penetration testing -Demonstrate risk of detected issues to both technical and non-technical audiences -Ability to mentor and train team members to prioritize security efforts effectively -Dynamic application security testing (DAST) through Metasploit, Burp Suite, OWASP ZAP, Acunetix, etc. -Those certifications can be substituted with considerable experience in CTFs, impressive CVEs, or impressive bug bounty reports. -Knowledge of infrastructure operations across databases, network, and system administration -Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation -Experience with common programming language: C# (preferred), Java, C/C++, Python, or Go -In-depth understanding of various assessment tools -Experience testing modern applications in cloud-native tech stacks -Hands-on experience implementing security tools into CI/CD pipelines -Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk -Experience writing comprehensive reports that clearly demonstrate the risk of vulnerabilities to developers and technical leadership -Experience with defense-in-depth strategies to help mitigate existing risk within applications -Bachelor’s Degree required from an accredited, not for profit university or college (preferably in Computer Science/Cybersecurity) -Industry relevant professional certifications such as: -Offensive Security Certified Professional (OSCP) / Experienced (OSEP) -3+ years total experience in a technical role with at least 1 year of professional experience penetration testing -Experience coordinating with application teams to drive security by design principles

People Also Searched For

Benefits

-401(K) retirement plan with matching contributions -Life, legal, and supplementary insurance -Tuition reimbursement -Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups -Virtual and in person mental health counseling services for individuals and family -Commuter and parking benefits -Employee stock purchase plan -Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks -Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug -Paid time off -On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes

About Costar Group

-Offers comprehensive data on properties, tenants, leases, and market conditions globally. -Known for its pioneering technology and research, delivers powerful insights to commercial real estate professionals. -Its旗舰平台, CoStar, provides unmatched property data, news, and analytics. -Platforms used by real estate professionals, from brokers to investors to property managers. -Expanded through strategic acquisitions, including the purchase of LoopNet and Apartments.com. -Data-driven insights help clients make informed investment and leasing decisions, shaping the global real estate market.

Sector Specialisms

Visa Sponsorship

-costar group will not provide visa sponsorship for this position.

Security Clearance

-pre‑employment substance abuse testing is required.